The most famous document scanning app, CamScanner, used by many, from students to the working class, was found in recent versions with serious malware after researchers from Kasperparki Lab alerted them. ‘Suspicious behavior’ in the free version of the popular app.
It was obviously damaging the ad library with a malicious module called Kaspersky Investigators-Trojan-Dropper. Android OS.necro.n ‘
Trojan downloader and the damage it can do
With over 3 million downloads on Google Playstore and Appstore, the most popular and useful document scanning app, Disclaimer was discovered in the presence of a malicious module that allows users to download ads on Android devices or otherwise. Application downloaded.
After being alerted to ‘suspicious behavior’ in the free version of the application, a positive review of the negative reviews by users prevented the use of the app. Jan Trojan-dropper recognizes this malicious module. AroidroidOS.Necro.n ‘.
This is a Trojan dropper module, which means it can extract and run another malicious component from an encrypted file contained in the application’s resources. This is instead a Trojan downloader that can be used to infect devices with other types of malware. An application with this malicious code may show hidden ads and sign up for a paid subscription to Kasperby users.
It performs the main functions of ‘TrojanDropper.androidOS.necro.n’ malware: to download and launch payloads from the malicious server, allowing the module owner to use any infected device to their advantage. Can do From showing the ad to stealing money from the victim on his mobile account.
Anyway, CamScanner was a great application that provided remarkable functionality. It displayed ads to generate revenue, but the options for in-app purchases and license purchases varied to remove ads. It had no such purpose.
Google Playstore requires this level of security
The remarkable thing here is that the malware module was only seen in the Android version of the app and it seems that its iOS version is still available in the App Store, possibly due to Apple’s strict application checking policies.
For this reason, the CamScanner app has been removed from the Google Play Store. Although Kaspersky reports that the developers of the app removed the bad code with the latest update, as the version of the application varies for different devices, it is recommended that someone uninstall it because their device is included there may be an older version of the application that contains Trojan Trooper malware modulus. Does.
This latest incident of malware detection in the Google Playstore marks another sketch spot for the latter, making it easy to process through Google’s app checking process. Although hundreds of thousands of harmful applications have been removed by antivirus efforts, the security layer is not completely bulletproof to provide protection against all types of malware.
In fact, this is not the first time an app has gone through the Google Play Store’s app checking process. One should be careful when installing the application on your device. Be sure to review their permissions, review and install them only when it is needed for your daily routine.